Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

The FBI has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, whether or not someone has set up MFA.

Malwarebytes
Open in Source
#vulnerability#web#mac#auth
Dark Reading Confidential: Quantum Has Landed, So Now What?

Episode #4: NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs into the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.

Enhance customer experiences with Generative AI

The advent of Generative AI and its application in real-life use cases has been on the cards for…

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few

GHSA-5p5r-57fx-pmfr: Langflow vulnerable to remote code execution

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.

APT36 Refines Tools in Attacks on Indian Targets

The Pakistan-based advanced persistent threat actor has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and it's now using a new and improved "ElizaRAT" malware.

Antivirus, Anti-Malware Lead Demand for AI/ML Tools

Companies are attaching the term "AI" to everything these days, but in cybersecurity, machine learning is more than hype.

Why your vote can&#8217;t be &#8220;hacked,&#8221; with Cait Conley of CISA (Lock and Code S05E23)

This week on the Lock and Code podcast, we speak with Cait Conley about CISA's election security measures and why your vote can't be hacked.

IBM Security Verify Access 32 Vulnerabilities

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including